Unofficial E2guardian package for pfSense



  • @pfsensation said in Unofficial E2guardian package for pfSense:

    @genesislubrigas said in Unofficial E2guardian package for pfSense:

    @pfsensation said in Unofficial E2guardian package for pfSense:

    @ucribrahim said in Unofficial E2guardian package for pfSense:

    @ravegen I'm not saying that if you use Lightsquid with E2guardian it gets broken. Nooo! I'm saying that if you go to Daemon menu and click Save settings so many times at the same time. It will get broken and it is gonna work until you restart pfsense. I don't know it just me or someone knows that.

    Maybe I'm wrong but this is my experience about e2guardian.

    NOTE: There is no problem, using Lightsquid with E2guardian. @pfsensation said go to do that "Set E2 Guardian reporting to Squid format, install light squid, run the command. And just wait for the logs to come through. I didn't have to do anything else."

    Of course use the following command and then restart pfsense after that go to do necessary settings.

    fetch -o /usr/local/pkg/lightsquid.inc http://e-sac.siteseguro.ws/lightsquid/inc.txt

    You don't need to restart pfsense. What happens is sometimes multiple threads or processes of E2 Guardian can be started. Although this is barely an issue anymore, and most of the bugs have been squashed.

    Instead of restart you can run "top" get the process ID of E2 Guardian processes, then type "kill" followed by the process ID to completely kill E2 Guardian processes. Then you can go back to the GUI, press the save then start. And it'll work as normal.

    But this is only happens nowadays in extreme cases when you're spamming buttons...

    I solved this. Now there is no realtime status on realtime tab.

    Do me a favour, log into the pfsense GUI. Then press on the diagnostics tab > edit a file. Go over to: var/log/e2guardian and open up access.log.

    Let me know what you can see in there

    yes it is there



  • Marcelloc,

    Can we request the realtime report separately can also be accessed outside the e2guardian gui so that other users can access it for viewing purposes like lightsquid proxy reports.



  • @ravegen E2 Guardian is spitting out log files, you can make a script to parse those however you like then host on a Web server.

    But why would you need this feature? I understand that in a school for example you may want to see what a certain user has been visiting. But if it's for the users themselves to see what sites they've been visiting. Just use the browsers history option lol



  • @pfsensation @ucribrahim is there a way we can limit bandwidth for youtube same as squid acl?

    delay_pools 2
    delay_class 2 1
    delay_parameters 2 128000/128000
    acl YOUTUBE dstdomain .googlevideo.com
    delay_access 2 allow YOUTUBE



  • This post is deleted!


  • @pfsensation said in Unofficial E2guardian package for pfSense:

    @ravegen E2 Guardian is spitting out log files, you can make a script to parse those however you like then host on a Web server.

    But why would you need this feature? I understand that in a school for example you may want to see what a certain user has been visiting. But if it's for the users themselves to see what sites they've been visiting. Just use the browsers history option lol

    Because this user might be part of management that wants to check on interval basis but is not allowed to see the settings done.



  • @kenpachizaraki said in Unofficial E2guardian package for pfSense:

    @pfsensation @ucribrahim is there a way we can limit bandwidth for youtube same as squid acl?

    delay_pools 2
    delay_class 2 1
    delay_parameters 2 128000/128000
    acl YOUTUBE dstdomain .googlevideo.com
    delay_access 2 allow YOUTUBE

    E2 Guardian doesn't have that granularity yet. Just use Squid as parent and do it that way if you need to. Looks like you're using delay pools, that should work fine.



  • @ravegen said in Unofficial E2guardian package for pfSense:

    @pfsensation said in Unofficial E2guardian package for pfSense:

    @ravegen E2 Guardian is spitting out log files, you can make a script to parse those however you like then host on a Web server.

    But why would you need this feature? I understand that in a school for example you may want to see what a certain user has been visiting. But if it's for the users themselves to see what sites they've been visiting. Just use the browsers history option lol

    Because this user might be part of management that wants to check on interval basis but is not allowed to see the settings done.

    Quick and dirty way would be to setup a chron job to periodically copy the log file into pfsense WWW folder, into any new sub folder than you make.
    Then your member of management can access it through [pfsense IP]/subfolder/access.log.

    There are software solutions to parse the logs to make it a bit more fancy. Since the GUI of E2 Guardian is done completely by Marcello in his free time. It may take a while before we have a proper log viewer. I'd personally like to see one which allows us to filter log by who, what, when, where and why.



  • @pfsensation is e2guardian working on multi vlan and multiwan? Got a quick test today but its not working....



  • @kenpachizaraki Should Work fine on multi VLAN, you do have to select the interfaces. However it doesn't yet support Multi WAN.



  • This post is deleted!


  • @pfsensation ok thats a stopper!!!
    But will it work squid multi wan + e2g? Ill give a shot on it today.



  • @kenpachizaraki said in Unofficial E2guardian package for pfSense:

    @pfsensation ok thats a stopper!!!
    But will it work squid multi wan + e2g? Ill give a shot on it today.

    Yeah that setup should be fine, although I haven't tried it. Theoretically it should work because all the traffic is passed to Squid, then it can decide to use the multiple gateways. Let us know what results you get if you try it, I know there's been quite a few requests for that.

    However, I completely forgot. For one of my sites, I do have E2 Guardians configured via VLANs. So I can vouch that it does work fine as long as you assign the interface correctly and get DHCP etc working properly on the VLAN.



  • @marcelloc Can you please update the package files? Me, Fred and Phillip have pushed quite a few patches and fixes to the E2 Guardian branch.



  • @pfsensation yes dhcp vlans are working correctly. Right now i enabled squid but no blocking on sites. Just pure proxy. I want to use e2g since it can block https without installing cert. Ill post result later.



  • @kenpachizaraki said in Unofficial E2guardian package for pfSense:

    @pfsensation yes dhcp vlans are working correctly. Right now i enabled squid but no blocking on sites. Just pure proxy. I want to use e2g since it can block https without installing cert. Ill post result later.

    I personally would steer away from Squid unless you really need to fill in the gap for multiwan support. Pfsense runs a old version of Squid that's pretty slow by today's standards. In my own testing, streaming sites like YouTube were a lot slower with Squid. E2 Guardian v5 on the other hand has been super fast and the code is way more efficient now.



  • @pfsensation yes that why i like e2g coz of that reason. However without multi wan support the only way is to use squid. If only e2g works multiwan then i can ditched squid. Maybe someone was able to work it out since it is common to have multi wan.



  • @kenpachizaraki said in Unofficial E2guardian package for pfSense:

    @pfsensation yes that why i like e2g coz of that reason. However without multi wan support the only way is to use squid. If only e2g works multiwan then i can ditched squid. Maybe someone was able to work it out since it is common to have multi wan.

    I used to use multi wan with gateway groups before but it turned out to be a pain sometimes, you need to spend quite some time setting it up correctly. You can't truly use both lines as one as the Web server on the other end will always see two IP's. Now at home I've only got a multi wan to fail over to free street WiFi lol, if my main connection fails. So pfsense can at least get a connection to send out an email notification to me.



  • Just as a heads up guys, pfSense 2.4.4 is released. But E2Guardian package has not yet been updated to support it. Hopefully it will be updated shortly by @marcelloc
    so don't update until a new package has come out. Otherwise you'll be left with a wide open network without filtering!

    • Also if you have pfBlockerNG installed, do not update it!! - It completely messes up the PHP GUI! I found out the hard way...


  • Starting with 2.4.4, only official packages are listed on default installation.

    To workaround this limitation, apply the patch on my unofficial repo.

    https://github.com/marcelloc/Unofficial-pfSense-packages/blob/master/244_unofficial_packages_list.patch

    apply using system patches package.



  • Marcelloc,

    I applied the patch thru system patches package but the E2Guardian package is still not available on the package list. How can I reinstall E2Guardian package. What will we do now !



  • Same here. The patch does not work. Can’t see e2 or wpad packages.



  • The patch works perfectly fine. I'm using it at the moment.

    Make sure you run the command in the first post again after the update to make sure that the unofficial repo is still added to pfsense.

    Steps : run the command in the first post to add the unofficial repo

    Install system patches

    Copy the code from the patch Marcello posted (the entire thing) give the patch a description and save it. Click test and then apply. Now when you go to the package manager, you will see E2 Guardian and WPAD.



  • pfsensation,

    yes, I have run the command of the unofficial repo ,installed the system patches and placed the url https://github.com/marcelloc/Unofficial-pfSense-packages/blob/master/244_unofficial_packages_list.patch on the URL/COMMIT ID and then applied it. but nothing happened, no e2guardian package on the package list.

    I used base directory : /usr/local/etc/pkg/repos/
    all other options are defaults

    I have also tried base directory : / but still no progress.



  • @ravegen said in Unofficial E2guardian package for pfSense:

    pfsensation,

    yes, I have run the command of the unofficial repo ,installed the system patches and placed the url https://github.com/marcelloc/Unofficial-pfSense-packages/blob/master/244_unofficial_packages_list.patch on the URL/COMMIT ID and then applied it. but nothing happened, no e2guardian package on the package list.

    I used base directory : /usr/local/etc/pkg/repos/
    all other options are defaults

    I have also tried base directory : / but still no progress.

    Don't place the URL. Copy the contents of the script and paste it into the patch box. Remember to remove the URL... Leave base directory as default "/"



  • you mean this content below,

    --- /etc/inc/pkg-utils.orig 2018-09-24 17:51:32.458825000 -0300
    +++ /etc/inc/pkg-utils.inc 2018-09-24 17:51:54.387033000 -0300
    @@ -388,7 +388,7 @@
    if ($base_packages) {
    $repo_param = "";
    } else {

    •   $repo_param = "-r {$g['product_name']}";
      
    •   $repo_param = "";
      

      }

      /*
      @@ -485,7 +485,7 @@
      $err);
      if (!$base_packages &&
      rtrim($out) != $g['product_name']) {

    •   		continue;
      
    •   		//continue;
        	}
      
        	$pkg_info['installed'] = true;


  • pfsensation

    thanks so much, it went ok.



  • @ravegen said in Unofficial E2guardian package for pfSense:

    pfsensation

    thanks so much, it went ok.

    Awesome, glad it worked!



  • @pfsensation I just tried over again over and over but damn it. I didn't understand while I was reading your instructions. I'm just confused, could you please tell me the steps one by one that I need to do for install e2guardian in 2.4.4 version of pfsense.)

    Thank you.



  • Getting this PHP error.. in crash reports.

    PHP ERROR: Type: 1, File: /etc/inc/service-utils.inc, Line: 668, Message: Uncaught ArgumentCountError: Too few arguments to function service_control_stop(), 1 passed in /usr/local/www/e2guardian_logrotate.php on line 42 and exactly 2 expected in /etc/inc/service-utils.inc:668
    Stack trace:
    #0 /usr/local/www/e2guardian_logrotate.php(42): service_control_stop('e2guardian')
    #1 {main}



  • @ucribrahim said in Unofficial E2guardian package for pfSense:

    @pfsensation I just tried over again over and over but damn it. I didn't understand while I was reading your instructions. I'm just confused, could you please tell me the steps one by one that I need to do for install e2guardian in 2.4.4 version of pfsense.)

    Thank you.

    Copy and paste the patch in, as I've done in the screenshot below
    alt Unofficial packages patch

    Then save it, press test and then apply the patch. Now if you go to the package manager. You will see E2 Guardian!



  • @asterix said in Unofficial E2guardian package for pfSense:

    Getting this PHP error.. in crash reports.

    PHP ERROR: Type: 1, File: /etc/inc/service-utils.inc, Line: 668, Message: Uncaught ArgumentCountError: Too few arguments to function service_control_stop(), 1 passed in /usr/local/www/e2guardian_logrotate.php on line 42 and exactly 2 expected in /etc/inc/service-utils.inc:668
    Stack trace:
    #0 /usr/local/www/e2guardian_logrotate.php(42): service_control_stop('e2guardian')
    #1 {main}

    I haven't experienced that at all, is this after upgrading to 2.4.4?

    Go ahead and start by re-installing E2 Guardian and see if that removes the error.



  • Again crashed,. Did a reinstall yesterday. Looks like the log rotation script is killing it.

    amd64
    11.2-RELEASE-p3
    FreeBSD 11.2-RELEASE-p3 #17 e6b497fa0a3(RELENG_2_4_4): Thu Sep 20 09:04:45 EDT 2018 root@buildbot3:/crossbuild/ce-244/obj/amd64/WvDslnYb/crossbuild/ce-244/pfSense/tmp/FreeBSD-src/sys/pfSense

    Crash report details:

    PHP Errors:
    [27-Sep-2018 00:00:00 America/New_York] PHP Fatal error: Uncaught ArgumentCountError: Too few arguments to function service_control_stop(), 1 passed in /usr/local/www/e2guardian_logrotate.php on line 42 and exactly 2 expected in /etc/inc/service-utils.inc:668
    Stack trace:
    #0 /usr/local/www/e2guardian_logrotate.php(42): service_control_stop('e2guardian')
    #1 {main}
    thrown in /etc/inc/service-utils.inc on line 668

    No FreeBSD crash data found.



  • @asterix said in Unofficial E2guardian package for pfSense:

    Again crashed,. Did a reinstall yesterday. Looks like the log rotation script is killing it.

    amd64
    11.2-RELEASE-p3
    FreeBSD 11.2-RELEASE-p3 #17 e6b497fa0a3(RELENG_2_4_4): Thu Sep 20 09:04:45 EDT 2018 root@buildbot3:/crossbuild/ce-244/obj/amd64/WvDslnYb/crossbuild/ce-244/pfSense/tmp/FreeBSD-src/sys/pfSense

    Crash report details:

    PHP Errors:
    [27-Sep-2018 00:00:00 America/New_York] PHP Fatal error: Uncaught ArgumentCountError: Too few arguments to function service_control_stop(), 1 passed in /usr/local/www/e2guardian_logrotate.php on line 42 and exactly 2 expected in /etc/inc/service-utils.inc:668
    Stack trace:
    #0 /usr/local/www/e2guardian_logrotate.php(42): service_control_stop('e2guardian')
    #1 {main}
    thrown in /etc/inc/service-utils.inc on line 668

    No FreeBSD crash data found.

    I experienced it today. Yeah it looks like the log rotate script is what's causing the crash. Which means logs won't be rotated. I'll have a look at it when I have a chance.



  • @marcelloc I had a look, it looks like e2guardian isn't defined in /etc/inc/service-utils.inc. I attempted to manually define it but wasn't too sure of the parameters. Can you shed some light? ✋



  • Is there an option to edit first post in topic how to get e2guardian to show up atlest in list?



  • @marcelloc

    I have FQDN in one Firewall Alias that I created and used on Bypass Proxy for These Source IPs and Bypass Proxy for These Destination IPs. The problem is, I guess it is not working on alias because it is not bypassing on those FQDN but when I put it direct, it bypasses it properly.

    I am on Pfsense 2.4.4



  • Mesma situação aqui, acompanhando e aguardando a resposta do Marcello.



  • @ravegen said in Unofficial E2guardian package for pfSense:

    @marcelloc

    I have FQDN in one Firewall Alias that I created and used on Bypass Proxy for These Source IPs and Bypass Proxy for These Destination IPs. The problem is, I guess it is not working on alias because it is not bypassing on those FQDN but when I put it direct, it bypasses it properly.

    I am on Pfsense 2.4.4

    I'm doing something very similar to allow certain websites to bypass E2 Guardian. What's your alias type? You may have got that set incorrectly, because it works fine for me.



  • @pfsensation

    My alias type is HOST.

    Yes, I have this configuration work. But now I have so many aliases at ip addresses placed there. I do not know if there is a limitation on how many aliases or ip addresses to place on that bypass list.

    I noticed that when I placed sites, aliases and ip address on the bypass list, those will not appear on the realtime log. However, since the sites on the aliases I made shows on the realtime log, then i believe it is not working.


Log in to reply